Skip to content

Commit

Permalink
[Identity] TokenCache update. (#14064)
Browse files Browse the repository at this point in the history
* squashed the history

* removed axios

* I forgot to commit the changes to the API review file

* Gracefully throwing on Node 8 and a changelog update

* Added userPromptCallback to device code options and added a comment relevant to Node &

* skipping browser unit tests for now

* we use DPAPI on windows, not PNPM!! oops

* version change in the manual test package.json

* skipping persistence tests on OSX due to missing password

* Jeff feedback

* recorded the Node 15 error test

* node 15 CI workaround while we wait for MSAL
  • Loading branch information
sadasant authored Mar 22, 2021
1 parent 56b1536 commit 2168851
Show file tree
Hide file tree
Showing 115 changed files with 9,476 additions and 2,115 deletions.
104 changes: 77 additions & 27 deletions common/config/rush/pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions sdk/identity/identity/.gitignore
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
src/**/*.js
!test/assets/cert.pem
16 changes: 16 additions & 0 deletions sdk/identity/identity/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,26 @@

This release continues with the changes from `1.2.4` and `1.2.4-beta.1`.

- The `getToken` methods will now never return `null`. If a token is not available, we will return a rejected promise.
- `DefaultAzureCredential`'s implementation for browsers was simplified to throw a simple error instead of trying credentials that were already not supported for the browser.
- Breaking Change: `InteractiveBrowserCredential` for the browser now requires the client ID to be provided.
- Documentation was added to elaborate on how to configure an AAD application to support `InteractiveBrowserCredential`.
- Replaced the use of the 'express' module with a Node-native http server, shrinking the resulting identity module considerably
- Updated `@azure/msal-node-extensions` to [1.0.0-alpha.6](https://www.npmjs.com/package/@azure/msal-node-extensions/v/1.0.0-alpha.6).
- Refactored our use of MSAL to better centralize the handling of inputs, outputs and errors.
- Migrated the `InteractiveBrowserCredential`, `DeviceCodeCredential`, `ClientSecretCredential`, `ClientCertificateCredential` and `UsernamePasswordCredential` to the latest MSAL.
- This update improves caching of tokens, significantly reducing the number of network requests.
- Credentials `InteractiveBrowserCredential`, `DeviceCodeCredential` and `UsernamePasswordCredential` now can:
- Receive a `tokenCachePersistenceOptions` parameter to specify persitence caching of the credentials used to authenticate. This feature uses DPAPI on Windows, it tries to use the Keychain on OSX and the Keyring on Linux, and if the user sets `allowUnencryptedStorage` to true in the `tokenCachePersistenceOptions`, it allows to fall back to an unprotected file if neither the Keychain nor the Keyring are available.
- As part of this beta, this feature is only supported in Node 10, 12 and 14.
- Receive an `authenticationRecord` from a previous authentication on their constructors, which skips the initial request altogether.
- Receive a `disableAutomaticAuthentication` setting on the constructor, which stops `getToken` from requesting the user to authenticate manually.
- An `authenticate()` method has been added besides the `getToken()` method.
- The `authenticate()` method returns an `AuthenticationRecord` which can be serialized into strings with their property `serialize()`. To later deserialize from string into an `AuthenticationRecord`, use the new function `deserializeAuthenticationRecord()`.
- If `disableAutomaticAuthentication` is set on the constructor of these credentials, developers can now control when to manually authenticate by calling to these credential's `authenticate()` method.
- `DeviceCodeCredential` now can receive its optional parameters as a single parameter object.
- Breaking change: `InteractiveBrowserCredential` now only has `loginStyle` and `flow` in the optional parameters when the credential is bundled for browsers. This reflects the intended behavior.
- Breaking change: Removed the `postLogoutRedirectUri` from the optional properties of the `InteractiveBrowserCredential`.

## 1.2.4 (2021-03-08)

Expand Down
Loading

0 comments on commit 2168851

Please sign in to comment.